Microsoft has identified another piece of malware used by the attackers behind the SolarWinds attack. Microsoft calls the group responsible for the attack Nobelium. In April this year, the US and UK officially blamed the Russian Foreign Intelligence Service hacking unit for the attack. Microsoft named the recently discovered malware FoggyWeb and, according to the company, the attackers used it after compromising a targeted server.
Malicious actors used several tactics to steal network usernames and passwords in order to gain admin-level access to Active Directory Federation Services servers. The ultimate goal was to control user access to apps and resources. As a result, attackers may stay inside a network even after a cleanup. Hackers have widely used FoggyWeb since April 2021.
Ransomware attacks against hospitals reduce the availability of systems and services, with direct negative consequences for patient care. As a result of ransomware attacks, patients are held longer in hospitals due to delays in tests and procedures. Worst of all, ransomware attacks may result in an increase in patient deaths. The research analyzing the impact of ransomware attacks on hospitals was conducted by the Ponemon Institute think tank in cooperation with cybersecurity company Censinet.
Compared to ransomware attacks targeting supermarkets or retailers, those targeting hospitals have more disruptive consequences, since patients cannot simply go to another hospital. They don't have any other option. Targeting hospitals with ransomware has become a lucrative business for malicious actors. They realize that these entities have no choice but to pay a ransom to continue delivering vital services to patients.
A British payroll company has left some contractors without pay after shutting down its network in response to a cyberattack. Giant Group was forced to take its network and IT infrastructure offline last Wednesday after it identified suspicious activity. According to the statement made by the company, the attack took place on September 22. A team of experts in the US, UK, and Brussels was immediately put in place by the law firm Crowell & Moring to investigate the incident.
Giant Screening was not affected by the attack. Also, Giant Finance+ and the firm's precision portals are now operational. The attack took place at a time when the UK was experiencing panic buying caused by Brexit. An unspecified number of people did not receive their pay on time. The company did not disclose any information regarding possible information leakage due to the attack. However, Giant Group confirmed that its database is encrypted.
Bandwidth's Voice over Internet Protocol service was interrupted after a DDoS attack. Malicious actors flooded the network with traffic. Bandwidth shared information regarding the attack on 28 September. According to the statement made by the company's CEO David Morken, several communication service providers were targeted by cybercriminals. Although the company managed to mitigate the damage caused by the attack, some of its customers have been significantly affected by the incident.
Bandwidth's support teams and account managers have already contacted all affected parties. Following the attack, the company is going to strengthen its focus on security to prevent similar incidents in the future. Other VoIP vendors also experienced outages due to a series of DDoS attacks.
"Ghostwriter" cyberattacks are targeting several EU member states. On Friday, the EU threatened to take action against Russia due to its possible involvement in these malicious activities. The targets of these cyberattacks include politicians, officials, several parliaments, and civil society. The attacks involved accessing computer systems and personal accounts to steal data. The attacks pose a serious threat to the security and democratic values of the EU.
One of the most affected states is Germany. It accused Russia of trying to influence the upcoming elections by committing cyberattacks against its lawmakers. According to the statement made by the German government, the Russian military intelligence service GRU is likely behind the attacks. The Ghostwriter cyberattacks combine disinformation and influence operations with conventional cyberattacks.